mirror of
https://gitlab.freedesktop.org/pipewire/pipewire.git
synced 2025-10-29 05:40:27 -04:00
pod: improve spa_pod_from_data()
spa_pod_from_data() is now safe against integer overflow.
This commit is contained in:
Wim Taymans
parent
a0beb30ba8
commit
b75ed93e51
1 changed files with 6 additions and 2 deletions
|
|
@ -129,10 +129,14 @@ SPA_API_POD_ITER struct spa_pod_control *spa_pod_control_next(const struct spa_p
|
|||
SPA_API_POD_ITER void *spa_pod_from_data(void *data, size_t maxsize, off_t offset, size_t size)
|
||||
{
|
||||
void *pod;
|
||||
if (size < sizeof(struct spa_pod) || offset + size > maxsize)
|
||||
if (offset < 0 || offset > (int64_t)UINT32_MAX)
|
||||
return NULL;
|
||||
if (size < sizeof(struct spa_pod) ||
|
||||
size > maxsize ||
|
||||
maxsize - size < (uint32_t)offset)
|
||||
return NULL;
|
||||
pod = SPA_PTROFF(data, offset, void);
|
||||
if (SPA_POD_SIZE(pod) > size)
|
||||
if (SPA_POD_BODY_SIZE(pod) > size - sizeof(struct spa_pod))
|
||||
return NULL;
|
||||
return pod;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue